# GET /comptes/1
# GET /comptes/1.json
def show
- authorize @compte
+ authorize Compte
end
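Review bot: `authorize Compte` hands Pundit the class rather than the loaded record, so the policy predicate for `show` can no longer look at which account is being requested; the removed `authorize @compte` did pass the record. The same substitution appears in the `edit`, `update` and `destroy` hunks of this controller and in the member actions of the Enfants and Organisations controllers, all of which then use an instance variable presumably set by a `before_action` outside the hunks. With a class-level check, per-record rules such as ownership or organisation membership cannot be enforced, because the check no longer distinguishes one record from another. For member actions I would keep `authorize @compte`, placed before any write, and reserve `authorize Compte` for `index`, `new` and `create`.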
# GET /comptes/new
def new
+ authorize Compte
@compte = Compte.new
- authorize @compte
-
@structures = Structure.all
3.times { @compte.contacts.build }
end
# GET /comptes/1/edit
def edit
- authorize @compte
-
+ authorize Compte
@structures = Structure.all
3.times { @compte.contacts.build }
end
# POST /comptes
# POST /comptes.json
def create
+ authorize Compte
@compte = Compte.new(compte_params)
- authorize @compte
respond_to do |format|
if @compte.save
# PATCH/PUT /comptes/1
# PATCH/PUT /comptes/1.json
def update
+ authorize Compte
+
respond_to do |format|
if @compte.update(compte_params)
- authorize @compte
format.html { redirect_to @compte, notice: 'Compte was successfully updated.' }
format.json { render :show, status: :ok, location: @compte }
else
# DELETE /comptes/1
# DELETE /comptes/1.json
def destroy
- authorize @compte
+ authorize Compte
+
@compte.destroy
respond_to do |format|
format.html { redirect_to comptes_url, notice: 'Compte was successfully destroyed.' }
# GET /enfants
# GET /enfants.json
def index
+ authorize Enfant
+
@enfants = Enfant.all
@structures = current_user.organisation.structures
@classrooms = current_user.organisation.classrooms
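Review bot: `@enfants = Enfant.all` loads every child record regardless of the current user's organisation, while the two lines after it are already limited to `current_user.organisation`. The added `authorize Enfant` only decides whether the action may run; it does not filter the collection. I would load the list through the policy scope, `@enfants = policy_scope(Enfant)`, and narrow `EnfantPolicy::Scope#resolve` (added in this commit as `scope.all`) to the user's organisation; the association path from Enfant to Organisation has to come from the models, which are not shown here. The body of `index` continues past the end of the hunk.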
# GET /enfants/1
# GET /enfants/1.json
def show
+ authorize Enfant
end
# GET /enfants/new
def new
+ authorize Enfant
+
@enfant = Enfant.new
@enfant.compte = Compte.find(params[:compte_id])
@classrooms = @enfant.compte.structure.classrooms
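Review bot: `Compte.find(params[:compte_id])` looks up the parent account from a request parameter with no check that the current user may attach a child to it, and the added `authorize Enfant` is class-level so it cannot cover this. Authorizing the looked-up account would close the gap, for example `authorize @enfant.compte, :update?` right after the lookup (the predicate name depends on ComptePolicy, which is not shown). Whether `create` re-validates the `compte_id` that arrives through `enfant_params` is not visible in this diff and is worth checking as well. The body of `new` continues outside the hunk.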
# GET /enfants/1/edit
def edit
+ authorize Enfant
@classrooms = @enfant.compte.structure.classrooms
@prestation_types = @enfant.compte.structure.organisation.prestation_types
1.times { @enfant.reservations.build(début: Date.today) }
# POST /enfants
# POST /enfants.json
def create
- @enfant = Enfant.new(enfant_params)
+ authorize Enfant
+ @enfant = Enfant.new(enfant_params)
respond_to do |format|
if @enfant.save
format.html { redirect_to @enfant, notice: 'Enfant was successfully created.' }
# PATCH/PUT /enfants/1
# PATCH/PUT /enfants/1.json
def update
+ authorize Enfant
+
respond_to do |format|
if @enfant.update(enfant_params)
format.html { redirect_to @enfant, notice: 'Enfant was successfully updated.' }
# DELETE /enfants/1
# DELETE /enfants/1.json
def destroy
+ authorize Enfant
+
@enfant.destroy
respond_to do |format|
format.html { redirect_to enfants_url, notice: 'Enfant was successfully destroyed.' }
# GET /organisations
# GET /organisations.json
def index
+ authorize Organisation
end
# GET /organisations/1
# GET /organisations/1.json
def show
+ authorize Organisation
end
# GET /organisations/new
def new
+ authorize Organisation
+
@organisation = Organisation.new
3.times { @organisation.structures.build }
end
# GET /organisations/1/edit
def edit
+ authorize Organisation
+
1.times { @organisation.structures.build }
end
# POST /organisations
# POST /organisations.json
def create
+ authorize Organisation
+
@organisation = Organisation.new(organisation_params)
respond_to do |format|
# PATCH/PUT /organisations/1
# PATCH/PUT /organisations/1.json
def update
+ authorize Organisation
+
respond_to do |format|
if @organisation.update(organisation_params)
format.html { redirect_to @organisation, notice: 'Organisation was successfully updated.' }
# DELETE /organisations/1
# DELETE /organisations/1.json
def destroy
+ authorize Organisation
+
@organisation.destroy
respond_to do |format|
format.html { redirect_to organisations_url, notice: 'Organisation was successfully destroyed.' }
--- /dev/null
+class EnfantPolicy < ApplicationPolicy
+ class Scope < Scope
+ def resolve
+ scope.all
+ end
+ end
+end
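Review bot: EnfantPolicy defines no action predicates, so every `authorize Enfant` call added in the controller and the `policy(enfant).edit?` / `policy(enfant).destroy?` checks in the view resolve to whatever ApplicationPolicy provides, which is not part of this diff. If those defaults deny everything the controller becomes unusable, and if they allow everything the new calls enforce nothing, so the intended rule should be written here explicitly. A one-line class comment stating who may read and who may modify child records would make that intent reviewable alongside the predicates.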
--- /dev/null
+class OrganisationPolicy < ApplicationPolicy
+ class Scope < Scope
+ def resolve
+ scope.all
+ end
+ end
+
+ def index?
+ false
+ end
+
+ def show?
+ user.admin?
+ end
+
+end
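Review bot: `show?` returns `user.admin?` without consulting `record`, so it cannot tell the admin's own organisation from any other; whether admins are meant to be global is not visible here. `edit?`, `update?` and `destroy?` are not defined although the controller authorizes those actions and the view calls `policy(@organisation).edit?`, so they fall back to ApplicationPolicy defaults that this diff does not show. If access is per organisation, a predicate along the lines of `user.admin? && record == user.organisation` would be needed, and that only works once the controller passes the instance rather than the class. `Scope#resolve` returning `scope.all` has the same cross-organisation effect for any listing that uses it.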
+++ /dev/null
-class PostPolicy
- attr_reader :user, :post
-
- def initialize(user, post)
- @user = user
- @post = post
- end
-
- def update?
- user.admin? or not post.published?
- end
-end
\ No newline at end of file
</td>
<td>
<% if policy(compte).destroy? %>
- <%= link_to compte, method: :delete, data: { confirm: 'Are you sure?' } do %>
+ <%= link_to compte, method: :delete, data: { confirm: 'Etes-vous bien certain.e ???' } do %>
<i class="fas fa-trash-alt"></i>
<% end %>
<% end %>
<td><%= l enfant.date_naissance %></td>
<td><%= enfant.menuSP %></td>
<td><%= enfant.menuALL %></td>
- <td><%= link_to 'Edit', edit_enfant_path(enfant) %></td>
- <td><%= link_to 'Destroy', enfant, method: :delete, data: { confirm: 'Are you sure?' } %></td>
+ <td><% if policy(enfant).edit? %>
+ <%= link_to edit_compte_path(enfant) do %>
+ <i class="far fa-edit"></i>
+ <% end %>
+ <% end %>
+ </td>
+ <td>
+ <% if policy(enfant).destroy? %>
+ <%= link_to enfant, method: :delete, data: { confirm: 'Etes-vous bien certain.e ???' } do %>
+ <i class="fas fa-trash-alt"></i>
+ <% end %>
+ <% end %>
+ </td>
</tr>
<% end %>
</tbody>
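Review bot: The new edit link is built with `edit_compte_path(enfant)`, which produces the account edit URL from the child's id; the removed line used `edit_enfant_path(enfant)`. The link would therefore point at whichever account happens to share that id, or at nothing, rather than at the child's edit form. The line should read `<%= link_to edit_enfant_path(enfant) do %>`. The `policy(enfant)` guards around both links only hide them in the table; the controller-side check is what actually enforces access.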
<strong>Email:</strong>
<%= @organisation.email %>
</p>
- <%= link_to 'Editer', edit_organisation_path(@organisation) %>
+
+ <% if policy(@organisation).edit? %>
+ <%= link_to edit_organisation_path(@organisation) do %>
+ <i class="far fa-edit"></i> Editer
+ <% end %>
+ <% end %>
</div>
<div class="col">
</tr>
<% end %>
</table>
+ <% if policy(@organisation).edit? %>
+ <%= link_to edit_organisation_path(@organisation) do %>
+ <i class="far fa-edit"></i> Editer les structures
+ <% end %>
+ <% end %>
</p>
<p>
<% end %>
</table>
</p>
- <%= link_to "Ajouter un type de tarif", new_tarif_type_path(organisation_id: @organisation) %>
+ <%= link_to new_tarif_type_path(organisation_id: @organisation) do %>
+ <i class="fas fa-plus-circle"></i> Ajouter un type de tarif
+ <% end %>
<p>
<h3>Types de prestations</h3>
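Review bot: The rewritten "Ajouter un type de tarif" link is rendered unconditionally, while the edit links added earlier in this view are wrapped in `<% if policy(@organisation).edit? %>`; the "Ajouter un type de prestation" link in the next hunk is the same. If creating these types is meant to be restricted, both links should sit inside the same guard or one backed by a dedicated policy. The controllers behind `new_tarif_type_path` and `new_prestation_type_path` are not in this diff, so it is worth confirming that they call `authorize` themselves, since hiding a link does not protect the route.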
<% end %>
</table>
</p>
- <%= link_to "Ajouter un type de prestation", new_prestation_type_path(organisation_id: @organisation) %>
-
+ <%= link_to new_prestation_type_path(organisation_id: @organisation) do %>
+ <i class="fas fa-plus-circle"></i> Ajouter un type de prestation
+ <% end %>
</div>
<div class="col">
<% end %>
</table>
</p>
-
-
</div>
</div>
-
+<br />